Edit report at https://bugs.php.net/bug.php?id=62737&edit=1
ID:                 62737
Updated by:         larue...@php.net
Reported by:        leight at gmail dot com
Summary:            Segfault invoking SplFileInfo->openFile
Status:             Analyzed
Type:               Bug
Package:            Reproducible crash
Operating System:   Linux / OSX
PHP Version:        master-Git-2012-08-03 (Git)
Block user comment: N
Private report:     N

New Comment:

I have made a patch for this.

Previous Comments:
------------------------------------------------------------------------
[2012-08-03 15:02:48] larue...@php.net

The following patch has been added/updated:

Patch Name: ChangeDisableClassHandler.patch
Revision:   1344006168
URL:        https://bugs.php.net/patch-display.php?bug=62737&patch=ChangeDisableClassHandler.patch&revision=1344006168

------------------------------------------------------------------------
[2012-08-03 14:25:19] larue...@php.net

This is a very bad bug, but I think it's not an SPL issue. We should change the behavior of zend_disable_class, since for now it deletes the class entry, which makes the class entry pointer (preserved by the extension) become a wild pointer. Dereferencing it is undefined behavior; in this sense, a segfault is lucky.

------------------------------------------------------------------------
[2012-08-03 14:12:33] larue...@php.net

I think this is not only SplFileObject; many classes may have such issues (especially those that preserve their own class entry).

------------------------------------------------------------------------
[2012-08-03 11:06:18] leight at gmail dot com

Description:
------------
When SplFileObject is on the disable_classes list and SplFileInfo->openFile is called, PHP crashes because there is no check on whether the SplFileObject object was actually created before trying to use it.

The offending code is in ext/spl/spl_directory.c in spl_filesystem_object_create_type.

Test script:
---------------
<?php
// Run with -d disable_classes=SplFileObject
$a = new SplFileInfo('/bin/ls');
$a->openFile('r');

Expected result:
----------------
A message stating SplFileObject is disabled.

Actual result:
--------------
Segmentation fault

------------------------------------------------------------------------
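
A simplified C model of the problem discussed in the comments above, added here as an illustration (it is not code from PHP or from the patch attached to this bug): a class is disabled by swapping its object-creation handler in place rather than deleting the entry, so a pointer cached by an extension stays valid, and the caller checks whether creation succeeded. Every identifier (`class_entry`, `cached_ce`, `disable_class`, `open_file`, and so on) and the warning text are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not PHP source; every identifier here is hypothetical. */
typedef struct class_entry class_entry;
typedef struct { class_entry *ce; } object;
struct class_entry { const char *name; object *(*create_object)(class_entry *); };

static object *default_create(class_entry *ce) {
    object *o = malloc(sizeof *o);
    if (o) o->ce = ce;
    return o;
}
/* Handler installed on a disabled class: report and refuse to instantiate. */
static object *disabled_create(class_entry *ce) {
    fprintf(stderr, "Warning: class %s is disabled\n", ce->name);
    return NULL;
}

static class_entry class_table[] = {
    { "SplFileInfo", default_create }, { "SplFileObject", default_create },
};
static class_entry *cached_ce; /* pointer an extension keeps for itself */

static class_entry *lookup(const char *name) {
    for (size_t i = 0; i < sizeof class_table / sizeof *class_table; i++)
        if (strcmp(class_table[i].name, name) == 0) return &class_table[i];
    return NULL;
}
static void ext_startup(void) { cached_ce = lookup("SplFileObject"); }
/* Disable in place: the entry is never freed, so cached_ce stays valid. */
static int disable_class(const char *name) {
    class_entry *ce = lookup(name);
    if (ce) ce->create_object = disabled_create;
    return ce ? 0 : -1;
}
/* Caller side (the openFile path): check the result before using it. */
static int open_file(void) {
    object *o = cached_ce->create_object(cached_ce);
    if (o == NULL) return -1; /* class disabled, or allocation failed */
    free(o);
    return 0;
}
int main(void) {
    ext_startup();
    printf("enabled: %d\n", open_file());
    disable_class("SplFileObject");
    printf("disabled: %d\n", open_file());
}
```

Had `disable_class` freed the entry instead, `cached_ce` would dangle and the call through it in `open_file` would be undefined behavior, which is the crash described in this report.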